# openssl req -new -key /etc/httpd/ssl/web-vhosts-com.key -days 7300 -out /etc/httpd/ssl/web-vhosts-com.csr
(5) Send the certificate signing request file web-vhosts-com.csr to 192.168.1.146:
# scp /etc/httpd/ssl/web-vhosts-com.csr root@192.168.1.146:/etc/pki/CA/certs
8. 192.168.1.146 signs the certificate and returns it to 192.168.1.145:
(1) Sign the certificate:
# openssl ca -in /etc/pki/CA/certs/web-vhosts-com.csr -days 7300 -out /etc/pki/CA/certs/web-vhosts-com.crt
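ca: the OpenSSL subcommand used to sign certificate requests
-in web-vhosts-com.csr: path to the certificate signing request file
-days 7300: the certificate is valid for 20 years
-out web-vhosts-com.crt: path where the certificate is saved
For more ca subcommand options, see: # man ca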
# scp /etc/pki/CA/certs/web-vhosts-com.crt root@192.168.1.145:/etc/httpd/ssl
(3) View the certificate information on 192.168.1.145:
# openssl x509 -in /etc/httpd/ssl/web-vhosts-com.crt -noout -text    # produces lengthy output
# openssl x509 -in /etc/httpd/ssl/web-vhosts-com.crt -noout -subject
# openssl x509 -in /etc/httpd/ssl/web-vhosts-com.crt -noout -serial
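Before Apache is pointed at the returned certificate, it is worth confirming that the certificate pairs with the local private key and was actually signed by the CA. The script below is an added example, not part of the original page: the function names, the throwaway files and the name web.example.test are assumptions, and `openssl x509 -req` stands in for `openssl ca` so that no CA database is needed.

```shell
#!/bin/sh
# Added example (not from the original page): post-issuance checks for 192.168.1.145.

# Succeeds only if the certificate carries the public key derived from the key file.
cert_matches_key() {  # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate's signature verifies against the CA certificate.
cert_issued_by() {  # $1 = certificate, $2 = CA certificate
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Constructed throwaway material in directory $1: a CA, a server key, a CSR and a
# signed certificate, plus an unrelated key and a same-named CA for negative checks.
make_constructed_pki() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' 'prompt=no' \
        '[dn]' 'CN=Constructed Test CA' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
    for ca in ca other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -days 1 \
            -keyout "$d/$ca.key" -out "$d/$ca.crt" 2>/dev/null || return 1
    done
    openssl genrsa -out "$d/web.key" 2048 2>/dev/null || return 1
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$d/web.key" -config "$d/ca.cnf" -subj "/CN=web.example.test" \
        -out "$d/web.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/web.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/web.crt" 2>/dev/null
}

# Demo on the constructed material. On the real host, pass
# /etc/httpd/ssl/web-vhosts-com.crt, /etc/httpd/ssl/web-vhosts-com.key
# and a copy of the CA's own certificate instead.
run_demo() {
    tmp=$(mktemp -d) || return 1
    make_constructed_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    cert_matches_key "$tmp/web.crt" "$tmp/web.key" && echo "certificate matches key"
    cert_matches_key "$tmp/web.crt" "$tmp/other.key" || echo "wrong key rejected"
    cert_issued_by "$tmp/web.crt" "$tmp/ca.crt" && echo "issued by expected CA"
    cert_issued_by "$tmp/web.crt" "$tmp/other-ca.crt" || echo "unrelated CA rejected"
    rm -rf "$tmp"
}
run_demo
```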
Notes:
Use the private key web-vhosts-com.key and the certificate web-vhosts-com.crt to generate the Microsoft-specific (PKCS#12) certificate web-vhosts-com.pfx:
# cd /etc/httpd/ssl
# openssl pkcs12 -export -out web-vhosts-com.pfx -inkey web-vhosts-com.key -clcerts -in web-vhosts-com.crt
Use the Microsoft-specific certificate web-vhosts-com.pfx to generate the private key web-vhosts-com.key and the certificate web-vhosts-com.crt:
# openssl pkcs12 -in web-vhosts-com.pfx -nodes -out web-vhosts-com.pem
# openssl rsa -in web-vhosts-com.pem -out web-vhosts-com.key
# openssl x509 -in web-vhosts-com.pem -out web-vhosts-com.crt
9. Configure Apache on 192.168.1.145 to support SSL:
(1) Install the SSL module: # yum -y install mod_ssl